# Security Policy

This repo currently defines no project-specific security overrides.

`goat-security` may read this file as the canonical repo-local policy hook, but
an empty policy does not suppress observed exploit paths or downgrade verified
findings.

## Optional Inputs

- Approved crypto choices: none defined here.
- Auth model assumptions: none defined here.
- Secret classes and handling rules: none defined here.
- Deployment boundaries: none defined here.
- Forbidden third-party services/actions: none defined here.